Changes between Version 10 and Version 11 of DirectoryAuthPlugin


Timestamp: Mar 22, 2015, 11:51:47 AM (9 years ago)
Author: figaro
Comment: Cosmetic changes

  • DirectoryAuthPlugin

    v10 v11  
    11[[PageOutline(2-5,Contents,pullout)]]
     2
    23= Directory Auth Plugin
    34
     
    67The Directory Auth Plugin is a password store for the AccountManagerPlugin that provides authentication and groups from [http://en.wikipedia.org/wiki/Lightweight_Directory_Access_Protocol Lightweight Directory Access Protocol (LDAP)] enabled service including [http://www.openldap.org OpenLdap], [http://en.wikipedia.org/wiki/Active_Directory ActiveDirectory] and [http://en.wikipedia.org/wiki/Apple_Open_Directory OpenDirectory].
    78
    8 Users are authenticated by performing an ldap_bind against a directory using their credentials.  The plugin will also pull the email address and displayName from Directory and populate the `session_attribute` table. See [http://pacopablo.com/blog/pacopablo/blog/set-assign-to-drop-down Populating ''Assign To'' Drop Down in Trac] for more information on why.
     9Users are authenticated by performing an ldap_bind against a directory using their credentials. The plugin will also pull the email address and displayName from Directory and populate the `session_attribute` table. See [http://pacopablo.com/blog/pacopablo/blog/set-assign-to-drop-down Populating ''Assign To'' Drop Down in Trac] for more information on why.
    910
    1011== Features
    11  - Can use a service account to do lookups, or anonymous binding
    12  - Can use SSL if openssl is configured correctly ( I am working on some documentation for this )
    13  - Configurable .. many options to deal with the differences between directories and schema
    14  - Uses both memory and db based caching to improve performance
    15  - Now supports LARGE directories '''Updated'''
    16    - Searches Groups more efficiently using Member
    17    - Recurses up the tree to find subgroups
    18  - Can expand directory groups into the Trac namespace
     12
     13 - Can use a service account to do lookups, or anonymous binding.
     14 - Can use SSL if openssl is configured correctly.
     15 - Configurable .. many options to deal with the differences between directories and schema.
     16 - Uses both memory and db based caching to improve performance.
     17 - Now supports LARGE directories '''Updated'''.
     18   - Searches Groups more efficiently using Member.
     19   - Recurses up the tree to find subgroups.
     20 - Can expand directory groups into the Trac namespace.
    1921
    2022See: [DirectoryAuthPlugin/TheoryOfOperation TheoryOfOperation]
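Review bot: the SSL bullet at v11 line 14 loses the "I am working on some documentation for this" remark but gets no pointer in its place, so a reader of the feature list has nothing telling them how to turn SSL on. Since v11 line 9 says users are authenticated by an ldap_bind using their own credentials, link this bullet to ConfigurationExamples or to the Prerequisites note on OpenSSL. Two style points in the same list: the period at v11 line 17 lands after the '''Updated''' marker rather than after the sentence, and "Configurable .. many options" at v11 line 15 keeps the stray "..".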
     
    2830[http://trac-hacks.org/newticket?component=DirectoryAuthPlugin&owner=sandinak new ticket].
    2931
     32[[TicketQuery(component=DirectoryAuthPlugin&group=type,format=progress)]]
     33
    3034== Download
    3135
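Review bot: the TicketQuery macro added at v11 line 32 is new page content, not a cosmetic edit, so the change comment should mention it. The line sits directly under the "new ticket" link with no introducing sentence; a short label such as "Ticket progress by type:" would tell readers what the progress bar shows.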
     
    3640You can check out DirectoryAuthPlugin from [http://trac-hacks.org/svn/directoryauthplugin here] using Subversion, or [source:directoryauthplugin browse the source] with Trac.
    3741
    38 == Install
     42== Installation
    3943
    4044==== Prerequisites
    4145
    4246 - You must install AccountManagerPlugin in order to use this plugin. 
    43  - Python-LDAP is also required and can be downloaded [http://pypi.python.org/pypi/python-ldap/ here]
    44  - for SSL, you will have to install and configure OpenSSL to work with valid certificates. ( you can test using ldapsearch -Z ) 
     47 - [pypi:python-ldap/ Python-LDAP] is also required.
     48 - For SSL, you will have to install and configure OpenSSL to work with valid certificates. You can test using `ldapsearch -Z`.
    4549
    46 ==== Installation
     50==== Installation steps
    4751
    48 Follow the Trac documentation on how [http://trac.edgewall.org/search?q=TracPlugins to install Trac plugins]
     52Follow the Trac documentation on how [http://trac.edgewall.org/search?q=TracPlugins to install Trac plugins].
    4953
    50  - starting with 0.3, a database upgrade will be required as part of the installation.
    51    1. install the plugin and it's prerequisites
    52    1. update the database
     54 - Starting with v0.3, a database upgrade will be required as part of the installation.
     55   1. Install the plugin and its prerequisites
     56   1. Update the database:
    5357{{{#!sh
    5458trac-admin /var/trac/instance upgrade
    5559}}}
    56    1. restart the trac service or your webserver.
     60   1. Restart the tracd service or your webserver.
    5761
    58 See [DirectoryAuthPlugin/ConfigurationExamples ConfigurationExamples]
     62See [DirectoryAuthPlugin/ConfigurationExamples ConfigurationExamples].
    5963
    6064== Common Errors
    61  - When using SSL, the server won't authenticate.  Make sure you can use ldapsearch -Z with the same parameters from the same host, and resolve the issues there.  A handy way to do that is use:
     65
     66 - When using SSL, the server won't authenticate. Make sure you can use `ldapsearch -Z` with the same parameters from the same host, and resolve the issues there. A handy way to do that is to use:
    6267{{{
    6368joe@admin > ldapsearch -d8 -Z -x -b dc=base,dc=net -D binding@base.net -W -H ldaps://ldap.base.net -s one 'objectclass=person'
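Review bot: the TLS test recommended at v11 lines 48 and 66 is `ldapsearch -Z`, which only requests StartTLS and continues if the request fails, so a passing run does not prove the connection was encrypted; suggest `-ZZ`, which makes the command stop on a TLS failure. The sample command at v11 line 68 also combines -Z with -H ldaps://, which mixes StartTLS with an LDAP-over-SSL URL; pick one of the two so the test matches what the plugin is configured to use. Separately, v11 line 60 changes "trac service" to "tracd service", which narrows the step to the standalone server and is more than cosmetic; keep the wording general or name both cases.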
     
    6570 The {{{-d8}}} should show you TLS errors.
    6671
    67  - If you see Trac throwing an exception similar to "OPERATIONS_ERROR: In order to perform this operation a successful bind must be completed on the connection" when you know the bind user/pass is correct you will want to try connection to active directory on port 3268. This may happen when AD is running across multiple machines.
     72 - If you see Trac throwing an exception similar to "OPERATIONS_ERROR: In order to perform this operation a successful bind must be completed on the connection" when you know the bind user/pass is correct, then try connect to Active Directory on port 3268. This may happen when AD is running across multiple machines.
    6873
    6974== Recent Changes
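Review bot: "then try connect to Active Directory" at v11 line 72 is ungrammatical; use "try connecting to Active Directory on port 3268". The bullet directly above covers SSL setups, so this line should also say whether port 3268 is meant for the plain or the SSL connection, otherwise a reader fixing the bind error may end up switching an ldaps:// configuration to an unencrypted port.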
     
    7479
    7580'''Author:''' [wiki:pacopablo] [[BR]]
    76 '''Maintainer:''' rjollos [[BR]]
     81'''Maintainer:''' [[Maintainer]] [[BR]]
    7782'''Contributors:''' sandinak
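Review bot: v11 line 81 replaces the literal maintainer name rjollos with the [[Maintainer]] macro, which changes how the field is resolved and is not a cosmetic edit. Confirm the macro renders a name for this page, since this line is where users look for the contact when reporting a problem with the plugin.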